When the ProxySG appliance is in an explicit proxy deployment and CAPTCHA validation policy is installed, the browser does not present the CAPTCHA validation form to users. In some cases, the browser displays an error message.
Note: CAPTCHA policy was introduced in SGOS 6.6.4. Refer to the SGOS Administration Guide and the Content Policy Language Reference for details.
When the proxy opens HTTPS connections, browsers configured for explicit proxy send a CONNECT message. The message contains the origin content server (OCS) hostname and informs the proxy that the client is about to open a tunnel to that host. What happens next depends on the authentication mode specified in policy:
Intercept SSL connections and bypass CAPTCHA validation for HTTP CONNECT messages. Validation is thus performed on the first HTTP request that is sent inside the tunnel. Refer to the following example:
; intercept SSL traffic using the HTTPS forward proxy
; if request is not HTTP CONNECT tunneled and URL category is shopping,
; connect using the specified validator
http.connect=no category=("shopping") validate(captcha_1)